HOST Server with NGINX Reverse Proxy + Let's Encrypt + Zulip in a Container (without certificates). How to configure it with docker-compose?

Open foramontano opened this issue 3 years ago • 1 comments

I'm kind of new with Zulip and I'm trying to deploy it in a PRO env with docker-compose in these conditions:

  • ZULIP Server: Zulip is deployed in Docker containers (inside a HOST server)
  • REVERSE PROXY Web Server: NGINX on the Host with a server redirecting to the Zulip Server
  • CERTIFICATES: Server domain on the Host with Let's Encrypt certificates (not in the Zulip Container)

With the information I've seen (mainly about reverse proxy and entrypoint.sh) I've set up my docker-compose.yaml file.

I don't know what I have to do to avoid both of the container's certificate generation options (self-signed & certbot) and delegate security to the HOST server.

Any suggestions or hints?

Thanks in advance

When I execute the docker-compose command I see that the servers Zulip is related with (postgresql, rabbitmq, memcached and redis) are apparently working OK.

This is the docker-compose content for Zulip service:

  .
  .
  .
  zulip:
    image: 'zulip/docker-zulip:3.1-0'
    build:
      context: .
      args:
        # Change these if you want to build zulip from a different repo/branch
        ZULIP_GIT_URL: https://github.com/zulip/zulip.git
        ZULIP_GIT_REF: 3.1
        # Set this up if you plan to use your own CA certificate bundle for building
        # CUSTOM_CA_CERTIFICATES:
    ports:
      - '5010:80'
      - '5011:443'
    env_file:
      - ./.env
    environment:
      SETTING_ZULIP_ADMINISTRATOR: '[email protected]'
      SETTING_EXTERNAL_HOST: 'zulip.example.es'
      SETTING_ALLOWED_HOSTS: "['zulip.example.es', 'localhost', '127.0.0.1']"
      SETTING_USE_X_FORWARDED_HOST: "True"
      SSL_CERTIFICATE_GENERATION: 'NO' # generated in HOST with Let's Encrypt
      DB_HOST: 'database'
      DB_HOST_PORT: '5432'
      DB_USER: 'zulip'
      SETTING_MEMCACHED_LOCATION: 'memcached:11211'
      SETTING_RABBITMQ_HOST: 'rabbitmq'
      SETTING_REDIS_HOST: 'redis'
      # MEMCACHED_PASSWORD, and REDIS_PASSWORD above.
      SETTING_EMAIL_HOST: 'mail.example.es'  # e.g. smtp.example.com
      SETTING_EMAIL_HOST_USER: '[email protected]'
      SETTING_EMAIL_PORT: '587'
      # It seems that the email server needs to use ssl or tls and can't be used without it
      SETTING_EMAIL_USE_SSL: 'False'
      SETTING_EMAIL_USE_TLS: 'True'
      ZULIP_AUTH_BACKENDS: 'EmailAuthBackend'
      # Uncomment this when configuring the mobile push notifications service
      # SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
    volumes:
      - '/opt/docker/zulip/zulip:/data:rw'
    ulimits:
      nofile:
        soft: 1000000
        hard: 1048576

foramontano, Aug 24 '20 11:08

Did you work this out? Here is what worked for me in environment variables. Then, I just pointed nginx at the container and all was good.

      DISABLE_HTTPS: 'True' # https://github.com/zulip/docker-zulip/issues/137
      SSL_CERTIFICATE_GENERATION: 'self-signed'

maltokyo, Apr 28 '21 08:04
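A host-side NGINX server block matching the setup discussed in this thread, added here as an example and not taken from either poster or from the docker-zulip project. It assumes NGINX runs on the same host as the container, that the compose file still publishes container port 80 on host port 5010, that `DISABLE_HTTPS: 'True'` is set as in the reply above, and that certbot stores the certificate under its default `/etc/letsencrypt/live/<domain>/` layout.

```nginx
# Host NGINX terminates TLS with the host's Let's Encrypt certificate and
# forwards plain HTTP to the Zulip container (DISABLE_HTTPS: 'True').
# Assumed: certbot's default certificate paths; domain and port from the
# compose file in the question.

server {
    listen 80;
    listen [::]:80;
    server_name zulip.example.es;

    # Send cleartext requests to the TLS listener.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name zulip.example.es;

    ssl_certificate     /etc/letsencrypt/live/zulip.example.es/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zulip.example.es/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Container port 80 is published on host port 5010 ('5010:80').
        proxy_pass http://127.0.0.1:5010;

        # Pass the original host, client address and scheme to Zulip so
        # SETTING_EXTERNAL_HOST / SETTING_ALLOWED_HOSTS checks see the
        # public name rather than 127.0.0.1:5010.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Zulip's real-time events rely on long-lived requests.
        proxy_http_version 1.1;
        proxy_buffering    off;
        proxy_read_timeout 20m;
    }
}
```

Because the container then speaks cleartext HTTP, publishing the port as `'127.0.0.1:5010:80'` instead of `'5010:80'` in the compose file keeps it reachable only through the proxy; the `'5011:443'` mapping is no longer needed in this arrangement.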